The easiest way to get your hands on sensitive data

Two thoughts come to mind when I read reports about data security and the protection of personal data: the responsibility of those who collect and store our data but also everyone’s duty to handle their own data responsibly.

Let’s start with the first thought:
Anyone storing someone else’s data must ensure that this data is protected against unauthorized access and that the owner of the data knows what is happening to it. In plain English: Why and for what purpose is data being stored and used? Technical countermeasures can be taken against many of the threats mentioned above. Among them, companies can ensure servers, networks, and data are reliably protected. While no security solution will ever be perfect, options and technologies exist which make it extremely difficult for hackers to achieve their objective.

To me, however, the second thought is the more fascinating of the two as the media pay considerably less attention to it than the first one. Many people now protect their devices by using antimalware software and keeping their apps and programs updated on all their devices. It’s a good start, but is it enough?

How responsibly do we handle our own sensitive data?

This question alone is fascinating because everyone has his or her own take on where the boundaries lie between private and public data. While some people won’t even allow their name to be listed in a telephone directory, others put their whole lives on show for all to see on social networks. In addition, when it comes to protecting their own data, the majority of people only think about the data stored somewhere other than on their devices. But just how carelessly do we give away our information?

I witnessed something interesting a few days back. On a regular flight I had the chance of being allocated the middle seat of the row. The biggest disadvantage of the middle seat is that you sit squashed between two other travelers. That being said, the seat also has a really entertaining plus-point: you can easily see what the travelers are reading to the left and right of you in the row in front. They often read the usual magazines and newspapers – in other words, completely harmless reading matter. However, this time, I saw the person to my left in the row in front going through emails on a notebook. Normally an incredibly boring activity to strangers were it not for a few key terms in an email that grabbed my attention. What I saw caused my eyes to momentarily stay glued to the email. How should I put it: I now know who this person is, which company the person works for, the person’s position there, that the person is advising a major German corporation on behalf of this company, who the person’s points of contact are at this corporation, that the person is working on a still secret project with this German corporation, and what this project is about. I gathered this huge amount of information all within 30 seconds at most. It’s a good thing I’m not interested in using such information and that I had forgotten most of it by the next day anyway.

Things got even more astonishing on the return flight. I saw the person to my right checking recent bank balances. The statements had been downloaded to a notebook and the person spent the entire flight going through each account and transaction. Without any effort at all I could not only see the names of his contacts, but also the names of the banks, sort codes, account numbers, account balances, and additional payment details. This is nothing short of sheer carelessness!

On the one hand, there are now infinite options for users to publish, view, and manipulate data on a wide range of devices. On the other hand, there are countless, smart options to protect devices, networks, and data. Certainly, some allegations leveled at companies and organizations which handle our data carelessly are completely justified. But nobody can absolve us of our obligation to handle our own data responsibly.

Think about this the next time you’re sitting in an airplane reading highly confidential emails or checking your bank statements. Or at least make sure nobody’s sitting in the middle seat of the row behind you.
